DeFi Exchange PancakeSwap Warns of Hack: ‘Do Not Use the Site’

The project's Twitter account is warning users to stay off the site because it is under a DNS hijack attack.

2 min read
Burned pancakes. Image: Shutterstock

Decentralized crypto exchange PancakeSwap has been attacked by hackers, per a tweet.

Earlier today, a similar service called Cream Finance said its DNS (domain name service) had been "compromised by a third party." PancakeSwap’s Twitter account then confirmed that it had been attacked through the same mechanism.

A “DNS hijack” is when an attacker reroutes traffic toward a malicious server; in this case, the “hijacked site” was after credentials for for users’ accounts. 

Unlike a traditional exchange, where assets are traded through a central authority (like Coinbase, or the NYSE), a decentralized exchange uses smart contracts (essentially just code) that allow money to flow directly between traders. Decentralized exchanges tend to fall under the rubric of DeFi protocols, which are broadly defined as non-custodial systems for handling crypto.

Crucially, PancakeSwap’s smart contracts have not been hacked. Only the front-end of the website has been affected by this attack.

Investing in DeFi protocols can be extremely risky, since they are prone to hacks—half of all crypto-related hacks in 2020 targeted DeFi, according to the blockchain data company Chainalysis.

There's no sign of that slowing down in 2021: last week, a decentralized exchange called Dodo was hacked for nearly $4 million.


Want to be a crypto expert? Get the best of Decrypt straight to your inbox.

Get the biggest crypto news stories + weekly roundups and more!